All geek questions in one place

How can I log out with AndroidAccountManager

I can log in with Android AccountManager using this code: http://code.google.com/p/google-api-java-client/wiki/AndroidAccountManager

But I do not know how to log out?

+4
source share
3 answers

No. When you use the built-in authentication on Android, you authenticate using the username and password that the user provided in the Accounts and Sync control panel. After you receive this authentication, you use it to get an authentication token that you must cache and use until it becomes bad.

So, let go of the way to access Google services using the "com.google" style account. You will complete authentication with the AccountManager when your application wants to synchronize (you must use the SyncAdapter for this). After authentication, you will receive authentication. this is a large string of random letters that acts like a “key” in subsequent web calls. You save this, and as long as it’s good, you won’t need to authenticate anymore. So, I want to go to get ... let's say Google’s financial portfolio. You include an auth token as part of the http get header. One of two things:

  • Google loves this token and uses it (instead of a username / password pair) to authenticate you and returns data for your request.
  • Google returns an HTTP 40x error indicating that the aut-token you provided is not suitable.

The latter case will occur for two reasons:

  • He is too old. Google loves that you periodically authenticate (just like you should enter your gmail.com password every week or two to make sure it is still yours.) When this happens, invalidate the authentication token (there is function call) and get a new one.
  • The user has changed his password since you received an authentication token. The same thing, except that on this way the device will not be able to authenticate, and then will complain to the user about the need to re-enter the password, and until this happens, you will either receive a NULL authentication token or the call will be blocked until until they get a password (depending on which function call you use to get the token).

In any case, you never log out. You simply use the service with the auth token that you received, and cache until you do this again. Think of the authentication tokens that you get as a session key, which remains good as long as you use it.

+4
source

Why not just revoke the current authorization token by calling

  AccountManager.getInstance().invalidateAuthToken(accountType, currentToken);

Documentation AccountManager.invalidateAuthToken

+3
source

AccountManager clearPassword

In AccountManager:

Forgets the saved password. This removes the local copy of the password; it does not change the password of the user account on the server. It has the same effect as setPassword(account, null) , but requires less permissions and can be used by applications or the "log out" management interfaces.

+1
source

Source: https://habr.com/ru/post/1341633/

More articles:


All Articles